You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Title PATH_INFO is not ignored, as generally done by Apache for static
files
Priority bug Status resolved
Superseder Nosy List poeml
Assigned To poeml Keywords
------ Comment #2 From Matt Barringer 2009-10-26 12:19:19 MDT (-) [reply] -------
Is there a reason to not treat the RPM URLs as files, rather than as a CGI
script? I don't really understand why PATH_INFO would be useful here.
------- Comment #3 From Peter Poeml 2009-10-26 15:12:27 MDT (-) [reply] -------
The behaviour is indeed different than when you would request a static file
from Apache.
The debug log (where r is the request context that Apache gives my module)
The core handler for normal files defaults to rejecting PATH_INFO requests. Handlers that serve scripts, such as cgi-script and isapi-handler, generally accept PATH_INFO by default.
mod_mirrorbrain is not a script, but it runs a handler similar to a script.
If it makes sense, the behaviour could be changed. What is the motivation? What
kind of funny requests are causing the problem?
(For the record, AcceptPathInfo Off in the context of the MirrorBrain config
has the desired effect as well)
I committed a fix to the trunk. It'll appear in the next release, which I'll hopefully complete during
the next weeks.
With the following patch, requests with PATH_INFO correctly lead to 404s, unless the server is
configured explicitely to allow PATH_INFO. This follows the best practice that modules should respect
the default.
mod_mirrorbrain now no longer (falsely) behaves like mod_cgi*.
Issue migrated (2015-06-05) from old issue tracker http://mirrorbrain.org/issues/issue18
msg43 (view) Author: poeml Date: 2009-10-26.22:10:18
Here's a report from the openSUSE bugzilla:
https://bugzilla.novell.com/show_bug.cgi?id=546396
Description From Matt Barringer 2009-10-13 02:31:27 MDT (-) [reply]
A URL like
http://download.opensuse.org/repositories/FATE:/keeper/openSUSE_11.1/noarch/sxkeeper-suse-1.4.0-
4.1.noarch.rpm/not/really/an/rpm/url
returns the RPM rather than returning a 404 error. This causes some bad
problems for SUSE Studio when users add build service repositories by URL.
------ Comment #2 From Matt Barringer 2009-10-26 12:19:19 MDT (-) [reply] -------
Is there a reason to not treat the RPM URLs as files, rather than as a CGI
script? I don't really understand why PATH_INFO would be useful here.
------- Comment #3 From Peter Poeml 2009-10-26 15:12:27 MDT (-) [reply] -------
The behaviour is indeed different than when you would request a static file
from Apache.
The debug log (where r is the request context that Apache gives my module)
logs the following for a request on .../foo/bar:
[Mon Oct 26 21:49:14 2009] [warn] [client 10.10.3.98] [mod_mirrorbrain] URI:
'/zrkadlo/repositories/Apache/openSUSE_11.0/i586/apache2-devel-2.2.12-1.1.i586.rpm/foo/bar'
[Mon Oct 26 21:49:14 2009] [warn] [client 10.10.3.98] [mod_mirrorbrain]
filename:
'/srv/www/htdocs/zrkadlo/repositories/Apache/openSUSE_11.0/i586/apache2-devel-2.2.12-1.1.i586.rpm'
The documentation
(http://httpd.apache.org/docs/2.2/mod/core.html#acceptpathinfo) enlightens us:
The core handler for normal files defaults to rejecting PATH_INFO requests. Handlers that serve scripts, such as cgi-script and isapi-handler, generally accept PATH_INFO by default.
mod_mirrorbrain is not a script, but it runs a handler similar to a script.
If it makes sense, the behaviour could be changed. What is the motivation? What
kind of funny requests are causing the problem?
(For the record, AcceptPathInfo Off in the context of the MirrorBrain config
has the desired effect as well)
msg185 (view) Author: poeml Date: 2010-04-23.03:27:46
I committed a fix to the trunk. It'll appear in the next release, which I'll hopefully complete during
the next weeks.
With the following patch, requests with PATH_INFO correctly lead to 404s, unless the server is
configured explicitely to allow PATH_INFO. This follows the best practice that modules should respect
the default.
mod_mirrorbrain now no longer (falsely) behaves like mod_cgi*.
--- mod_mirrorbrain.c (revision 8042)
+++ mod_mirrorbrain.c (working copy)
@@ -1092,6 +1092,12 @@
return DECLINED;
}
/* is there PATH_INFO, and are we supposed to accept it? */
if ((r->path_info && *r->path_info)
}
debugLog(r, cfg, "URI: '%s'", r->unparsed_uri);
debugLog(r, cfg, "filename: '%s'", r->filename);
msg186 (view) Author: poeml Date: 2010-04-23.03:31:01
http://svn.mirrorbrain.org/viewvc/mirrorbrain?view=revision&revision=8043
msg222 (view) Author: poeml Date: 2010-09-06.00:01:52
I haven't received feedback about the effectivness of the bug yet; but I'm closing
this issue as resolved nevertheless. Please reopen if necessary.
(end of migrated issue)
The text was updated successfully, but these errors were encountered: